shorten the period to get fresh bridges in circumvention settings
At !30 (merged) I implemented (from the doc I wrote):
The resources provided /circumvention/settings and /circumvention/defaults use a combination of two mechanisms to make it harder for attackers to list all the bridges.
Resources are group so each resource will only be distributed in a certain time period (rotation_period_hours), and will not be distributed again until a number of periods has past (num_periods). If rotation_period_hours=24 and num_periods=30 resources will be divided in 30 groups and each group will be distributed during one day and so a single resource will not be distributed again 30 days has passed.
The IP address of the requester will be used so over the same rotation period every IP coming from the same subnet will get the same resources on each request.
I have some doubts about that mechanism. I'm thinking on setting rotation_period_hours=24
. So if the bridges that a user gets don't work they need to wait for a day to be able to request new bridges, might that be too long? Might we want to add another rotation period for the IP subnet, something like the current MOAT_ROTATION_PERIOD=3h, so from the same bridge group a single subnet can get different bridges each 3 hours. Or will that just complicate the mechanism without adding much?
I'm using the same subnet definition that BridgeDB, /16 for IPv4 and /32 for IPv6. Specifically for IPv4 I guess many countries will not have so many subnets, which means that most users in a country requesting bridges in a single rotation period will get to few bridges. Is that concern real? The second rotation period would help here as well, or we could reduce the subnets (to /24 for IPv4).
(from #79 (comment 2788654))